Privacy Pass Authentication for Kagi Search
358 comments
·February 13, 2025raphaelrobert
alphabetter
Honestly, I think what TFA calls "Kagi’s implementation of Privacy Pass" is the integration of the feature into their server and clients, not the RFC (which they acknowledge), or the protocol implementation.
abound
[I work at Kagi]
Indeed, this is the intended interpretation of "Kagi's implementation of Privacy Pass" - we're talking about building out the server infrastructure, the UX, the browser extensions, the mobile applications, the Orion browser integration, the support and documentation, the Tor service, etc. The cryptography is obviously an extremely important piece, but it is far from the only piece.
As other commenters have noted, the code in question is MIT licensed [1] and we're pulling it in as a standard dependency [2], it's not like we've gone out of our way to obscure its origin. The MIT license does not require us to do anything more.
That said, I can understand the author wanting more visible attribution, and that's very reasonable, we'll add a blurb to the blog post acknowledging his contribution to Kagi's deployment of Privacy Pass.
[1] https://github.com/raphaelrobert/privacypass/blob/main/LICEN...
[2] https://github.com/kagisearch/privacypass-lib/blob/e4d6b354d...
raphaelrobert
Understood, and thanks for updating the blog post. The discussion in the comments was interesting, and I'd like to clarify a few points. From my side, there never were any doubts about licensing compliance. I picked MIT precisely so that folks can use the implementation without further obligations, I wanted the implementation to be as useful as possible. What startled me was the combination of a for-profit company writing a blog post about a new feature (that will likely further increase profit in the future), using my implementation as the core of the feature (and therefore likely save a bunch of money) and not giving any credit to either the IETF batched tokens draft or the implementation. Anyway, the blog post has been amended now – thanks for that. Case closed.
PS: If you want to go above and beyond, you can spell my last name right in the blog post – it's Robert, not Roberts.
SamuelAdams
So if they add “credit to raphaelrobert”, or a copy of your license to their code somewhere, Kagi will be compliant?
I’ve never had any of my open source software used, and I typically license it with MIT, so I’m curious how other groups and organizations actually comply with the license.
literallyroy
They are compliant, the code being used is under the MIT license.
moksha256
Yeah I'm as big of a FOSS fan as the next guy on here but you really can't complain about how someone uses your code if you used the MIT License...one of the most permissive licenses in existence.
If someone wants attribution or something then they should use a license that requires that thing.
ignoramous
Kagi isn't MIT compliant if they lifted code and removed the copyright of the original author (as claimed by OP) only to replace it with theirs.
https://github.com/kagisearch/privacypass-lib/blob/83c9be8cb...
_Algernon_
MIT licence explicitly requires maintaining the original copyright header, and licence.
>Copyright (c) <year> <copyright holders>
>Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
>*The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.*
>[...]
graypegg
Captured 14 Feb 2025 ~12:15pm EST from README header
> This repository contains the source code of the core library implementing the Privacy Pass API used by Kagi.
Yeah... that doesn't feel great. Though I do think the folks at Kagi would be open to more accurately reframing that as "core library implementing a Crystal Lang wrapper for raphaelrobert/privacypass". It's likely unintentional, they were probably just focusing on getting it working and didn't get someone to reread this stuff.
drdaeman
Neat! It's rare to see that a service you use actually does something that benefits the user rather that itself. An unexpected, but a really pleasant surprise.
I wish this extension would integrate better with the browser by automatically understanding the context. That is, if I'm in a "regular" mode it'll use my session, but if I'm in a "private browsing" mode (`browser.extension.inIncognitoContext`) it'll use Privacy Pass to authenticate me, without me having to explicitly do anything about it.
(I don't use Orion, as there's no GNU/Linux version.)
_fat_santa
> It's rare to see that a service you use actually does something that benefits the user rather that itself
The reason it's become so rare is most companies in this space (heck tons of tech companies period) have used a business model of offering a thing to one group of users and then turning around and selling the results of that thing to another group of users, where the latter group is the one actually driving your revenue. This by default almost assumes a hostility towards the former group because their interests will of course be at odds with the interests of the latter group.
What's refreshing about Kagi and other new tech companies is they have dumped this model in favor of having just one group that they serve and drive revenue from (ie. the 'old' model).
sxg
The other part to this is that the internet accelerates network-effects, which you can further supercharge by making your product as cheap as possible or free to the former group in your example.
It’s hard to make money by charging a lot to a small group of people since now you’re dealing with anti-network effects. Doubling the price of a product will likely more than halve your user base.
api
This is one of the best explanations I've seen for this phenomenon.
If you try to build a network of paid users, you lose because you'll be run over by 'free' competitors monetizing indirectly.
Twisell
However, most of current fremium games are precisely based on this model (Fortnite, LoL, TF2, most of mobile games, etc...)
The service is subsidized by "whale players" that regularly spend a lot of cash, but they are a lot of freeloaders (to entertain the whales and to build brand popularity).
numbsafari
> This by default almost assumes a hostility towards the former group because their interests will of course be at odds with the interests of the latter group.
I would generally agree that that's the "default".
However, there are cases where two sides of a market need an intermediary with which they can both independently transact, and a net benefit of that interaction is felt on both sides. The key is to construct the solution such that the intermediary depends on the goodwill of both sides of the market.
I think Kagi is somewhat flipping the script. By "taking" data from publishers for free, they are then selling it to readers at a cost. However, there is a trade off. Kagi needs to make sure publishers continue to make their content available so that it can be searchable, or used in their Assistant product. In order to do that, they need to do the opposite of what Google is doing by trying to sequester traffic on Google.com: Kagi's best interest is to make sure that they provide good value to both sides.
Indeed, using the Assistant product, the way it is structured, I very often find myself clicking through to the referenced original sources and not just consuming the summarized content.
How this evolves over time, from a product design standpoint, will be interesting to watch.
ulrikrasmussen
Kagi user here. I agree!
The main driver of hostility to users is due to ad-based business models. I think we would see a much more healthy internet if we had regulation which prohibited companies from choosing ads based on any information associated with the user that the ad is shown to. That is, any data collected in the past and any data associated with the session and request must not be taken into account when choosing the ad; two requests by different users in different locations should have the exact same ad probability distributions.
I know we are never getting this because it would kill or severely harm the business models of some of the most profitable businesses in the world.
basch
They would be a good steward of pinboard.in if it were for sale / recovery.
brookst
Direct monetization FTW. Charge people for value. Cultivate audiences willing to pay for value.
Incentives aligned. Happy customers. Good businesses. Maybe you only get 60% gross margins, or, gasp, 40% gross margins. But so much less toxic.
freediver
> (I don't use Orion, as there's no GNU/Linux version.)
We commenced work on Orion for Linux yesterday.
hurutparittya
Any target date for open-sourcing it? :^)
joshuaturner
I remember the announcement for Orion but I haven't followed closely at all - any support for container proxies like in Firefox? Can't lose that feature
prophesi
If you mean Firefox containers[0], the closest you'll get is Profiles[1] since Orion is based on WebKit. Its location in settings is different from the Safari docs, and that's the only difference in Orion's implementation as far as I can tell. You can't open a tab in a certain profile, instead each profile opens in its own window, which is a lot more cumbersome than Firefox containers.
Arc, another Webkit-based browser, has an interesting implementation combining Profiles and Arc Spaces[2]. Instead of switching between windows, you switch between "Spaces" in the sidebar that are linked to a profile.
[0] https://addons.mozilla.org/firefox/addon/multi-account-conta...
maples37
I'd agree, at least partially in my case: Container Tabs is a killer feature for me with Firefox. Especially compared with the Temporary Containers extension on automatic mode, basically each new tab is like a fresh browser profile with zero cookies/local-storage.
I might consider demoing Orion on Linux even if it doesn't have container tabs, but at this time I wouldn't consider a full switch without that feature.
WD-42
Amazing!!!
Klaus23
The downside of this is that if you are not on a larger network, the IP address will probably deanonymise you. Kagi knows you are logged in, and if you open a private browsing window to do a spicy search, they could link the searches. Fast switching between modes is undesirable.
aryonoco
And that's why Kagi has simultaneously rolled out their service availability on tor: http://kagi2pv5bdcxxqla5itjzje2cgdccuwept5ub6patvmvn3qgmgjd6...
Tor has its flaws and criticisms, but it's really not on Kagi to fix them. With the combination of tor and their privacy pass, Kagi has gone further in allowing their paid users access to their services than anyone else.
Disclaimer: Not associated with Kagi in anyway other than being a very happy user.
ignoramous
Tor has nothing to do with what GP said, which is, the flexibility offered by Kagi (to turn privacy pass on / off) is actually self defeating. If (even technical) users walk away thinking "why don't other platforms offer this", then that tells you all about the foot-gun that this flexibility brings.
(Privacy Pass in fact doesn't make sense outside of an anonymizing transport, which makes the current announcement an exercise in marketing, at best)
theschmed
FYI in case you’re not aware, they announced in a podcast near the end of 2024 that a Linux version of Orion is planned.
paradox460
With kagi you'll get used to them making the correct choice. It's been stunning how they haven't really had any missteps
I wish my kagi t-shit could say the same. Bottom hem unraveled on the second wash, and so it's been consigned to the sleep and yard work shirts. They issued me a coupon for a free shirt as replacement, but it's yet to ship
cootsnuck
I think I can finally buy into the Kagi hype now that I've found a sincere negative opinion.
Sakos
Kagi has its share of issues. The whole shirt thing was a debacle and I wish they'd just sunk the absurd amount of money back into the product. I just often find the criticism from non-users to be disingenuous.
thibaultmol
yeah, same. I would only use privacy pass for icognito searches COUGH P0RN COUGH mainly (let's be honest). Feel free to submit the idea on kagifeedback.org
mhitza
The post hints at this, but having a shop where one can buy a privacy pass without an account makes sense.
Should support some crypto currency (probably monero), and something like GNU Taler if that technology ever becomes usable.
jacekm
Kagi accepts bitcoins but Vlad (the founder) mentioned on their forum that so few people use this option that it does not make sense to work on accepting Monero.
freediver
(vlad here) Rather, we are opportunistic about it and we want to focus on things that make impact (which most of the time is search, not billing). If there is enough demand, we will work on Monero support - and yes I agree, buying privacy pass tokens, without even needing an account, is one of those super-cool use cases.
loughnane
I know I’m just one guy, but lack of Monero support kept me away.
This feature looks like it narrows the gap a bit though.
Nice work
freedomben
I'd love to pay for Kagi with crypto, the main thing for me is the steep transfer fees. Nevertheless those can be offset somewhat with bulk payments. How about ability to buy like 3 years of Kagi at a time with crypto?
When I try to go into billing in Kagi I just get forwarded to Stripe. Does Stripe process the crypto payments?
null
akimbostrawman
Nobody wants to use BTC because of high fees and at this point its less a usable exchange of value than speculative asset. I personally would only ever use and trust a online service advertised as private/anonymous if it actually supported a private and anonymous currency (like some vpns do).
kobieps
Anyone claiming high fees is straw manning
null
mhitza
Kagi's privacy guarantee is more of a "trust me bro" and I say that as a Kagi subscriber. While they may claim that they preserve privacy or anonimity as long as it's tied to a user account, or payment information nothing prevents them from associating searches with user. Even protonmail enabled logging for a particular user at one point. Their guarantee is on the same level.
At the same time, privacy pass is a very foreign concept to me. If they are transferable between devices, one could generate a couple and resell them over some other medium (even in person).
freediver
We implemented Privacy Pass exactly so that you do not need to trust any claims we make but as a user have a (provable, cryptographically) mechanism that guarantees this, with one click, whenever you need it.
thibaultmol
the privacy pass extension is open source exactly because users can then verify the process. and yeah, to prevent reselling they've made it so you can't get infinite tokens.
Thorrez
>as long as it's tied to a user account, or payment information
Privacy Pass unties the searches from the user account and payment information.
autoexec
I agree that third party stores selling tokens without any account at all would be the ideal solution, but without an account you'd be missing out on many of the features that make kagi worth using like being able to remove certain domains from results or prioritizing types of results over others.
dsp_person
Add the ability to export your account config (yaml?) and use it with privacy pass. Maybe even sync it with git.
To avoid fingerprinting by config, have a page where the community can share and vote on best configs, then clone and use a popular one that suits your needs.
CGamesPlay
This defeats the purpose of Privacy Pass. Something similar is discussed in the post: https://blog.kagi.com/kagi-privacy-pass#:~:text=customizatio...
Eji1700
So....is this privacy through assumed lack of logging? Not trying to be a dick, just legit don't understand a part of this.
User A asks kagi for tokens. Kagi says "sure, here's 500 tokens". If kagi then logs the 500 tokens it just gave to user A, it now will know if any of those tokens is redeemed at a later date, that they're assigned to user A?
Of course if Kagi just doesn't retain this data, then yeah all is good because the token itself is only marked as valid, not valid and given to user A on date Y, but....that's it right? Or am I misunderstanding something?
readyplayeremma
The server does not generate the tokens, the client generates the tokens. The server is supposed to be able to verify that they were generated by a client who was granted the authority to generate them, but not which client did so. At least, not without side-channel information.
> The main building block of our construction is a verifiable oblivious pseudorandom function (VOPRF)
I am not sure how well tested that primitive is, but it definitely appears to be more than the server handing clients tokens and then pretending not to know who it gave them to.
The referenced paper: https://petsymposium.org/popets/2018/popets-2018-0026.pdf
rajnathani
What I find confusing is: Given that the server is essentially authorizing each subsequent client request (eg: For Kagi: search queries after a Kagi user has already been authenticated) in a way whereby the client is anonymous, what is the difference between Privacy Pass and simply providing a common authorization token to each user (and thus skipping all this cryptography)?
Update: On some thought, for the approach of the server providing a common authorization token that there is no guarantee to the client that the server is actually providing a common token and thus not just simply providing a unique identifier to each user. Thus, the Privacy Pass's cryptography ensures that the client knows that it is still anonymous. Update 2: But, what guarantee exists that the server doesn't generate a unique public key (i.e. public-private key pair) for each user and thus defeat anonymity this way? Update 3: They use zero-knowledge proofs to prove that all tokens are signed by the same private-key, from their paper: "The work of Jarecki et al. [18] uses a non-interactive zero-knowledge (NIZK) proof of discrete log equality (DLEQ) to provide verification of the OPRF result to the user. Their construction is hence a ‘verifiable’ OPRF or VOPRF and is proven secure in the random-oracle model. We adapt their construction slightly to use a ‘batch’ DLEQ proof allowing for much more efficient verification; in short this allows a user to verify a single NIZK proof that states that all of their tokens are signed by the same private key. This prevents the edge from using different key pairs for different users in an attempt to launch a deanonymization attack; we give more details in Section 3.2.".
dave1010uk
This is my understanding of how it works, without knowing the actual maths behind the functions:
# client
r = random_blinding_factor()
x = client_secret_input()
x_blinded = blind(x, r)
# Server
y_blinded = OPRF(k, x_blinded)
# Client
y = unblind(y_blinded, r)
This feels like the same kind of unintuitive cryptography as homomorphic encryption.
potamic
Using a client provided by Kagi can be a side-channel then? Should we rather be using an independent, standard client?
ghayes
Privacy Pass docs [0] cover this, but it is mostly referenced deeper in the paper. I believe the idea is that the tokens returned by the server are "unlinkable" to the (modified) tokens passed back by the client. So the server knows it passed back tokens A, B and C to some users, and later receives tokens X, Y and Z. It knows that X, Y and Z are valid, but not their correspondance to the tokens it issued. It uses elliptic curve cryptography for this.
codethief
After reading your comment I still didn't quite understand how the server couldn't just simply log the tokens A, B, C issued to user X. So I had a look at the website you linked: IIUC the key is that the tokens are actually generated by the user and the server never sees them (unblinded) before their first usage:
> When an internet challenge is solved correctly by a user, Privacy Pass will generate a number of random nonces that will be used as tokens. These tokens will be cryptographically blinded and then sent to the challenge provider. If the solution is valid, the provider will sign the blinded tokens and return them to the client. Privacy Pass will unblind the tokens and store them for future use.
> Privacy Pass will detect when an internet challenge is required in the future for the same provider. In these cases, an unblinded, signed token will be embedded into a privacy pass that will be sent to the challenge provider. The provider will verify the signature on the unblinded token, if this check passes the challenge will not be invoked.
catalypso
> the tokens are actually generated by the user and the server never sees them (unblinded) before their first usage
Here is how I see it:
1. The user generates a token/nonce => T
2. The user blinds the token with secret blinding factor b => Blinded token TB = T*b
3. The user sends the blinded token for signing. The server signs it and returns it to the user => Signed blinded token TBS = Sign(TB)
4. The user unblinds the token (this does not break the signature) => Signed Unblinded token TS = TBS/b
5. The user sends TS for its search query.
Eji1700
Ah thank you. That's the part I was missing. I know this example is wrong in 100 different ways, but something like "yeah we know a key with prime factor X is valid, and this has one", but there's thousands of those out there, so it can't tie out to whom.
null
Sakos
The idea is that the tokens aren't linked to any account. They're anonymous.
adamtaylor_13
Yeah I think you don’t understand the premise behind privacy pass tokens.
The whole idea is that the server does not which WHICH client a token belongs to. It doesn’t generate the tokens.
outime
The biggest flaw I always saw in Kagi has now been addressed by this. Thank you for listening and working to make the product appealing to (almost) everyone!
MostlyStable
One of the biggest complaints about Kagi from people who have not yet adopted it is their privacy concerns around having to login and have payment information.
I'm not one of the people that has been concerned about that, but I'm curious to what extent this alleviates those concerns among those that have had them.
g-b-r
> I'm not one of the people that has been concerned about that, but I'm curious to what extent this alleviates those concerns among those that have had them.
I am, it's mind-blowing to me that anyone would login to a search engine (yes, I know how many do it, now).
After a brief verification of the system, I'm pretty sure I'll sign up, now
ericrallen
Logging in to a search engine weirded me out at first, but after about a week I was so pleased with the results that I’ve been happily paying for almost a year now.
I honestly feel like any major free search engine is probably doing more to try to track you anyway.
And if you’re going to search something you want to be anonymous, you can just like use another search engine. I honestly haven’t run into the situation where I needed to.
I do worry that some day someone will be able to see how often I forget basic syntax for some JavaScript or Python method - or how often I can’t be bothered to type out a full domain and just search to navigate to it - but that’s a price I’m also willing to pay.
mvieira38
Most people are riding 24/7 with a Google session active, as it carries from Youtube/Chrome to Search. I don't think many realize it
xigoi
Why would you not want to login to a personalized service (unless you really need to be anonymous for some reason)?
faeranne
Assuming the cryptography does what they say it does (am not a cryptography expert, so I can't verify that part), this would completely disjoin a search request from any account info. The account generates several "search tokens", and for each search request, one of those tokens is spent. The tokens are generated on-device, and until spent, never leave the device, so in theory there's no way for Kagi to know which account generated the token just from the token alone. This doesn't fix fingerprinting or IP associations (though the plugin for Firefox and Chrome supposedly takes efforts to try and limit fingerprinting too), but this isn't any better/worse than simply using Google or Duckduckgo, and functions on Tor if you really want some privacy.
Again, not sure on how the tokens are proven legit without ever sharing them, but there's probably some ~~zero-knowledge proof~~ stuff going on that covers that.
Edit: Not zero-knowledge proof. Seems to be Blind Signature?
sedatk
> This doesn't fix fingerprinting or IP associations
It solves the problem of using a paid service without compromising customer’s privacy which is a breakthrough. The rest are different problems and they are universal issues with various existing solutions as you already pointed out.
sanbor
Most of the time I have ProtonVPN in my phone and computer, which solves the IP association problem for me
cobertos
What's to stop someone on the Kagi side from just adding a new column to the token table that has the user (with their SessionCookie) who generated the token next to it? I don't see how this can't be trivially connected to the original token generator.
fvirdia
Implementor here. During the Privacy Pass "issuance" protocol, the client will generate a "message" that the server will process. The output from the server is returned to the client, that further modifies this output to produce the final tokens. The last client modification randomises these tokens in such a way that the server will be unable to identify to what issuance they belong.
The very cool thing is that this is the case even if the server tries to misbehave during their phase. This means that users only need to trust the client software, which we open sourced: https://github.com/kagisearch/privacypass-extension
Some posters are mentioning blind signatures, and indeed Privacy Pass can utilise these as a building block. To be precise, however, I should mention that for Kagi we use "Privately Verifiable Tokens" (https://www.rfc-editor.org/rfc/rfc9578.html#name-issuance-pr...) based on "oblivious pseudorandom functions" (OPRFs), which in my personal view are even cooler than blind signatures
perihelions
That's apparently explained in their citation [1], the paper about cryptographically anonymous token protocols. It's not a simple plaintext token.
https://petsymposium.org/popets/2018/popets-2018-0026.php ("Privacy Pass: Bypassing Internet Challenges Anonymously")
I think Cloudflare implemented the same thing? At least the HN comments link to the same paper,
https://news.ycombinator.com/item?id=19623110 ("Privacy Pass (cloudflare.com)", 53 comments)
promiseofbeans
Yep, in fact Cloudflare are the original people who came up with this, when people were complaining about seeing turnstile screens too often
ajayyy
The tokens are "generated" on the client, and the server just gives the client enough information to make that locally generated token become "valid", without being able to link that token to a specific validation attempt
sebazzz
So basically the server signs the token and afterwards the server can verify its own signature for every request with that token?
faeranne
looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.
SomeoneOnTheWeb
Exactly the question I had in mind. You can't rely on server side trust so I'm curious if I just misunderstood something...
null
thibaultmol
I think the extension they're using being open source helps with this? because it can be checked in there? not sure
lxgr
I believe "Privacy Pass" uses blind signatures, so the token that the TokenResponse contains can't be correlated to the one provided in the search query, if I understand it correctly.
grg0
Does this actually work, though? The token can only be redeemed once, which means that, realistically, the client is going to be in a loop generating and redeeming tokens in a given search session, which makes the pairs trivial to correlate. The article even states it:
> For this reason, it is highly recommended to separate token generation and redemption in time, or “in space” (by using an anonymizing service such as Tor when redeeming tokens, see below).
Sure, Tor will random the space. But what about the time? I then went to "see below" and didn't see anything relevant. Or is the idea that, with sufficient request volume, clients mask each other in time?
Also, Tor will only randomize the space insofar as you keep re-establishing a session; the loop remains static for the duration of a session afaik. And re-establishing a session takes like 10 seconds. So is it really randomizing the space?
abound
> The token can only be redeemed once, which means that, realistically, the client is going to be in a loop generating and redeeming tokens in a given search session, which makes the pairs trivial to correlate.
One token request can produce N tokens. We have it configured where N = 500, so most users will be requesting more tokens fairly infrequently.
grg0
Thanks for the clarification.
null
tonygiorgio
This is sick, fantastic work.
I have built blind signature authentication stuff before (similar to privacy pass) and one thing I’m curious about is how you (will) handle multi device access?
I understand you probably launched with only unlimited search users in order to mitigate the same user losing access to their tokens on a different device. But any ideas for long term plans here? When I built these systems in the past, I always had to couple it with E2EE sync. Not only can that be a pain for end users, but you can also start to correlate storage updates with blind search requests.
Either case, this is amazing and I’m gonna be even more excited to not just trust Kagi, but verify that I don’t need to trust y’all. Congrats.
fvirdia
Yes, multi-device is definitely not easy. We've played with a few ideas, but it is definitely not a question with an obvious answer. For now, our rate-limiting allows you to use Privacy Pass on a few different devices by having each generate tokens independently. We will see how this goes and listen to user feedback before going back to the drawing board.
Ajedi32
Is this the same Privacy Pass that Cloudflare was using to allow clients to bypass CAPTCHAs? If so, this is a really neat application of that system; it never occurred to me that it could be used to anonymously authenticate to a paid service.
RupertWiser
The cryptography privacy pass is based off [1] actually comes from Ecash[2] so we’ve gone full circle.
[1] https://www.petsymposium.org/2018/files/papers/issue3/popets... [2] https://en.m.wikipedia.org/wiki/Ecash
jeroenhd
Yes, though Cloudflare has ended their privacy pass trial as far as I know.
I remember Safari as the only browser that implemented it natively, but I guess Orion has it now too.
noident
I'm not affiliated with the Tor Project organization, but I have some questions.
From Tor docs [0]:
> Add-ons, extensions, and plugins are components that can be added to web browsers to give them new features. Tor Browser comes with one add-on installed: NoScript. You should not install any additional add-ons on Tor Browser because that can compromise some of its privacy features.
How does Kagi square this with Privacy Pass, which requires a browser extension rejected by Tor [1]? Did Kagi analyze whether it is possible to bucket users of Tor into two distinct groups depending on whether the extension is installed? Do I need to trust another organization other than the Tor project to keep the signing keys for the extension safe? Was there any outreach to the Tor community at all prior to releasing this feature?
It's great that they're Torifying the service, but depending on a 3rd party extension is not ideal.
[0] https://support.torproject.org/glossary/add-on-extension-or-...
[1] https://gitlab.torproject.org/tpo/applications/tor-browser/-...
noident
I sat down on my desktop to take a closer look at how Kagi implemented this. It turns out that the privacy pass extension isn't the one implemented by CloudFlare (and rejected by Tor), but a new extension called Kagi Privacy Pass.
Ok, let's look at the source.
curl -L https://addons.mozilla.org/firefox/downloads/file/4436183/kagi_privacy_pass-1.0.2.xpi > /tmp/extension.xpi
unzip /tmp/extension.xpi -d /tmp/extension
cd /tmp/extension
// ./scripts/privacypass.js
/*
* Privacy Pass protocol implementation
*/
import init, * as kagippjs from "./kagippjs/kagippjs.js";
...
// load WASM for Privacy Pass core library
await init();
I personally would not install unknown WASM blobs in Tor browser. Source and reproducible build, please!
Let's continue.
// get WWW-Authenticate HTTP header value
let origin_wwwa_value = "";
const endpoint = onion ? ONION_WWWA_ENDPOINT : WWWA_ENDPOINT;
try {
const resp = await fetch(endpoint, { method: "GET", headers: { 'X-Kagi-PrivacyPass-Client': 'true' } });
origin_wwwa_value = resp.headers.get("WWW-Authenticate");
} catch (ex) {
if (onion) {
// this will signal that WWWA could not fetch via .onion
// the extension will then try normally.
// if the failure is due to not being on Tor, this is the right path
// if the failure is due to being on Tor but offline, then trying to fetch from kagi.com
// won't deanonymise anyway, and will result in the "are you online?" error message, also the right path
return origin_wwwa_value;
}
throw FETCH_FAILED_ERROR;
}
abound
[I work at Kagi]
The extension is open-source [1], including the Rust code that produces the WASM [2]. You should be able to produce a bit-compatible binary from these repos, and if not, please file a bug!
noident
Ah, nice, Firefox extension pages don't link to the source code and I missed it. Looking forward to digging into this more. Thanks!
JumpCrisscross
> Was there any outreach to the Tor community at all prior to releasing this feature?
Do we know what fraction of Kagi users access it through Tor?
noident
It must be a small fraction since they released their Tor onion service 3 hours ago in the original linked article :)
JumpCrisscross
I’m not diminishing Kagi or Tor, I’m asking for validation for the former expanding resources.
esafak
I love this company and product. I noticed another great feature today: the ability to filter AI slop in image search! It's the right-most filter: "AI Images".
I love that Kagi now uses Privacy Pass, and they look like a cool company in general.
That being said, they essentially took the IETF draft I worked on for a while [1] and also my Rust implementation [2]. They built a thin wrapper [3] around my implementation and now call it "Kagi’s implementation of Privacy Pass". I think giving me some credit would have been in order. IETF work and work on open-source software is mostly voluntary, unpaid, and often happens outside of working hours. It's not motivating to be treated like that. Kagi, you can do better.
[1] https://datatracker.ietf.org/doc/draft-ietf-privacypass-batc... [2] https://github.com/raphaelrobert/privacypass [3] https://github.com/kagisearch/privacypass-lib/blob/e4d6b354d...